Back to search results

Security Detection & Response II

Chester, United Kingdom
Refer a friend

Job Description:

Job Title:  Security Detection & Response II

Corporate Title: Up to Vice President  

Location: Chester

Company Overview:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection.  We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth.  This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact.  Join us!

Location Overview:

Find us in the city of Chester, a destination renowned for its culture, history, and beauty. Working at Bank of America Chester offers a far-reaching global career for a world-renowned organisation, whilst being ideally situated against the backdrop of the rolling North Wales hills and the banks of the serene River Dee.

Role Description:

We are seeking an experienced and motivated Security Detection & Response Analyst (SDR II) to join the GIS Monitoring and Triage team. This role supports cybersecurity operations across threat detection, investigation, response, and continuous service improvement.

You should be an experienced security practitioner capable of operating within the end-to-end detection and response lifecycle (detect → investigate → respond → improve), combining broad analytical capability with an engineering mindset to rapidly identify, investigate, and contain threats. The analyst will operate across multiple security domains, validating detections, investigating threats, and executing response actions with sound judgment.

This role requires cross-domain security expertise, broad analytical and engineering capabilities, and the ability to leverage automation, orchestration, and AI-driven technologies to improve detection outcomes, reduce manual effort, and continuously enhance overall security effectiveness.

This team work on a follow the sun methodology with weekends and Bank holidays included, the shifts will be 4 10-hour shifts this will be Sunday – Wednesday or Wednesday to Saturday

Responsibilities:

  • You will operate within the end-to-end detection and response lifecycle (detect → investigate → respond → improve), including analysing logs and telemetry from multiple sources to establish attack scope, impact, and root cause
  • You will build, validate, tune, and optimize detection logic and coverage, leveraging attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK to improve accuracy and reduce false positives
  • Execute and coordinate security event response activities, including containment, isolation, escalation, and remediation, applying sound judgment during active engagements
  • You will maintain and improve automation and orchestration capabilities, including SOAR workflows, automated playbooks, scripted response actions, and AI-driven enhancements to reduce manual effort and improve detection and response outcomes. Accountable for measurable improvements in MTTR, detection quality, and signal-to-noise ratio
  • You will document and communicate security event findings, including timelines and lessons learned, while providing clear updates to stakeholders and driving continuous improvement in detection and response processes
  • Identify gaps in monitoring and detection coverage, contributing to operational maturity through continuous improvement initiatives, metrics, and enhancements to detection, response, and automation capabilities
  • Support integration of partner use cases into detection and monitoring workflows
  • Guide and instruct junior members of the team to support the achievement of professional goals

What we are looking for:

  • Experience in security operations, incident response, detection engineering, or related cybersecurity functions within a production environment
  • Experience in security detection, investigation, and response across multiple domains, with the ability to pivot across data sources and independently manage end-to-end investigations from initial triage through post-incident improvement
  • Ability to build, validate, and tune detections and response workflows, including reducing false positives.
  • Considerable proficiency in log analysis, telemetry interpretation, and cross-system data correlation, including the ability to query, manipulate, and optimize data using KQL, SPL, SQL, or similar languages for investigative and detection use cases
  • Practical experience with containment, response actions, and automation, including developing or maintaining SOAR workflows, API integrations, and scripted response actions using sound judgment
  • Experience with security platforms and technologies, including SIEM, EDR/XDR, identity security, and cloud security
  • Working knowledge of identity and access systems and common attack paths, including credential theft, privilege escalation, and session/token abuse
  • Considerable understanding of attacker tactics, techniques, and procedures (TTPs), including MITRE ATT&CK
  • Record of improving operational effectiveness, including reducing alert noise, improving detection coverage, and decreasing mean time to detect and respond
  • Great analytical, decision-making, and communication skills, including the ability to clearly articulate findings, provide timely incident updates to both technical and non-technical stakeholders, and operate effectively in high-pressure scenarios
  • Ability to operate with minimal supervision and make risk-informed decisions quickly

Skills that will help:

  • Exceptional communication and executive presence, with the ability to influence at all organizational levels
  • Process discipline
  • Leadership competency in geographically diverse matrixed environment.
  • Relevant Cyber Security Certificate
  • Worked in SOC environment before
  • Familiarity with Cyber Security and Information Technology.
  • Strong problem-solving and critical thinking skills.
  • Effective communication and interpersonal skills.

Benefits of working at Bank of America: UK

  • At Bank of America, we strive to prioritise employees’ health and wellbeing – it’s what makes us a Great Place to Work.
  • Private healthcare for you and your family plus an annual health screen to help you manage your physical wellness with the option to purchase a screen for your partner
  • Competitive pension plan, life assurance and group income protection cover if you become unable to work as a result of a disability or health reasons
  • We offer 26-weeks paid maternity leave, 16-weeks paid paternity leave and inclusive family leave arrangements for working parents and carers including 20 days of back-up childcare including access to school holiday clubs and 20 days of back-up adult care per annum 
  • The ability to change your core benefits as well as the option of selecting a variety of flexible benefits to suit your personal circumstances including access to a wellbeing account, travel insurance, critical illness, cycle to work etc.
  • Use of a flex fund to use towards benefits
  • Access to an emotional wellbeing helpline, and virtual GP services
  • Access to the Peppy App which provides 1:1 support, consultations and resources relating to men’s health, women’s health, fertility, menopause and pregnancy & parenthood
  • Access to a range of gyms, exercise classes and wellbeing Apps through Wellhub, including Headspace and Calm
  • Opportunity to give back to your community, develop new skills and work with new groups of people by volunteering in your local area

Good conduct and sound judgment is crucial to our long term success. It’s important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well.

“We are an equal opportunities employer and ensure that no applicant is subject to less favourable treatment on the grounds of sex, gender identity or gender reassignment, marital or civil partner status, race, religious or similar philosophical belief, political opinion, colour, nationality, ethnic or national origins, age, sexual orientation, pregnancy or maternity, socio-economic background, responsibility for dependants or physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.”

We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements.

Learn more about this role

Refer a friend

Full time

JR-26023667

Manages People:

Age requirement: Must at least be 18 years of age.